Fix gitignore and push creds script #2
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: PushToMainAction | |
on: | |
push: | |
branches: ["main"] | |
workflow_dispatch: | |
# Cancel in-progress jobs or runs for the current workflow | |
concurrency: | |
group: ${{ github.workflow }}-${{ github.ref }} | |
cancel-in-progress: true | |
env: | |
NODE_VERSION: "20.x" | |
permissions: | |
contents: read | |
jobs: | |
build: | |
runs-on: self-hosted | |
steps: | |
- name: Fetch git repository | |
uses: actions/[email protected] | |
with: | |
fetch-depth: "0" | |
- uses: actions/cache/restore@v3 | |
id: cache | |
with: | |
path: | | |
cache | |
.sst | |
key: cache-main | |
- name: Set up Node.js | |
uses: actions/setup-node@v3 | |
with: | |
node-version: ${{ env.NODE_VERSION }} | |
cache: "npm" | |
- name: Build and deploy | |
run: | | |
# Set up the environment variables | |
export NODE_OPTIONS=--experimental-wasm-modules | |
export IS_PUBLIC=true | |
export CUSTOM_DOMAIN=ecosystemdashboard.linaro.org | |
export CLOUDINARY_CLOUD_NAME=${{ secrets.CLOUDINARY_CLOUD_NAME }} | |
export CLOUDINARY_API_KEY=${{ secrets.CLOUDINARY_API_KEY }} | |
export CLOUDINARY_API_SECRET=${{ secrets.CLOUDINARY_API_SECRET }} | |
# Set up yarn | |
yarn install | |
pipenv install | |
$(pipenv run python ./get_aws_creds.py -i ${{ secrets.VAULT_ROLE_ID }} -s ${{ secrets.VAULT_SECRET_ID }} -r ${{ secrets.VAULT_ROLE }} 2>&1 | tee /dev/stderr) | |
# Build & deploy | |
if [ -d "dist" ]; then | |
rm -rf dist | |
fi | |
yarn sst deploy --stage prod | |
- uses: actions/cache/save@v4 | |
with: | |
path: | | |
cache | |
.sst | |
key: cache-main |